hxxps://www[.]youtube[.]com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=https%3A%2F%2Fmijit[.]club%2F/[.]email%2Fverification%2F/k4jrkq%2F%2F%2F%2FQiuyan[.]Huang@met[.]com%3Fid%3Dcom[.]google[.]android[.]apps[.]youtube[.]music

Analysis

max time kernel
150s
max time network
144s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
29-03-2023 06:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=https%3A%2F%2Fmijit.club%2F/.email%2Fverification%2F/k4jrkq%2F%2F%2F%2FQiuyan.Huang@met.com%3Fid%3Dcom.google.android.apps.youtube.music

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133245510953902472"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2492 chrome.exe
2492 chrome.exe
2212 chrome.exe
2212 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2492 chrome.exe
2492 chrome.exe
2492 chrome.exe
2492 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2492 wrote to memory of 2748	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2748	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2508	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1452	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1452	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 4460	2492	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=https%3A%2F%2Fmijit.club%2F/.email%2Fverification%2F/k4jrkq%2F%2F%2F%2FQiuyan.Huang@met.com%3Fid%3Dcom.google.android.apps.youtube.music
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9cdd49758,0x7ff9cdd49768,0x7ff9cdd49778
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1864,i,3387772933526555123,11986663491696075289,131072 /prefetch:8
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1864,i,3387772933526555123,11986663491696075289,131072 /prefetch:2
2⤵
PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1864,i,3387772933526555123,11986663491696075289,131072 /prefetch:8
2⤵
PID:4460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1864,i,3387772933526555123,11986663491696075289,131072 /prefetch:1
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1864,i,3387772933526555123,11986663491696075289,131072 /prefetch:1
2⤵
PID:3000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4412 --field-trial-handle=1864,i,3387772933526555123,11986663491696075289,131072 /prefetch:1
2⤵
PID:628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3480 --field-trial-handle=1864,i,3387772933526555123,11986663491696075289,131072 /prefetch:1
2⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1864,i,3387772933526555123,11986663491696075289,131072 /prefetch:8
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1864,i,3387772933526555123,11986663491696075289,131072 /prefetch:8
2⤵
PID:600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 --field-trial-handle=1864,i,3387772933526555123,11986663491696075289,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2212

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3856

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
600B

MD5
bcb5c27ef572ae4ac93df6e4544d6309

SHA1
3e0a6bd8c8c860bd249a4ebf2434a7ab3dcb23d4

SHA256
90b1a77606329cd5788f42e0ef00400851d1022d639a7154f7ab7cae36f2c872

SHA512
18516fbdd541d253f12bb4da3d9b95426a4d36bdb56ca579f1ff0e8fb7582cf854ac77088af8be5e5ba3b98d10cd7661eb7717518fb1d2e78b8a83fa4020227e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
624B

MD5
b6f64d5306490f0f0a59a48199bd4ed2

SHA1
fa638f332df10d57ca106c723996d9a52b8aa856

SHA256
dff6e5692f0d1d6b0a6020038f6e2813d050df6d6c9c79d98e7c3c8d9baa52e6

SHA512
b3c9ec79b3bb090a3ce7b6e53b329f312d072edb2f1b7cddadc0e20294b65083c01f7dd32814577ec7bffdd27cb021b069f8d36de280b94b68bf159c3ddd2b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
c3372e2ef051dcb4fa7347b8f9e34475

SHA1
b773a9306c5b84d65e7946b46ab75dd604e3ec5e

SHA256
121dfa9c0e869b3736e67375892bdbce0a0c1c3cb4380a4ca06869aa125f6bf5

SHA512
d6ac74250f7628bac0dbbc4d3d1dedd7016d3520c80bef74235931982d95e4a43386664bc7de9b7aa88e728de6fd1b3752ca4cf805b9a5a379e8b912539b42c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
1ab86d0ca89e5f39f04e2f26ac54ee44

SHA1
25b1ed8e2d92e213e053e6904c063ee426b16e28

SHA256
7ba032fb3f06711e3cc9cdd401e65e6642d05b4b91caeb3091dabc1b9dc6d516

SHA512
b67f40a5c331cac538b21eadd1d04a650b15620e7a9239901dfdbfa8f73d8d6eec7689d1b98e510ada6e8053249e19e91eec0f9af2cafc71a5ac4e365345d1f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1007B

MD5
2bf95a33f6d0b71840b0a34aa559187e

SHA1
88d2f98ff361ce71563232b275f52c50a795a970

SHA256
80a3f0ddb4feb3c3d57fce566bb1a6d88184565f93683e6a15df19512baead09

SHA512
d0fe3d56d5d90aedbff3e65994a140bd9c86f84ea533fcfaa798a7201a99391dee90ac564ada470577084b87707f91efcdd7a8ee8b85c612d5a963e8ff232b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ef8b9450a774b80750e39cbf80a4f561

SHA1
863625a91d3129a48c272fbab66ab817ed33ab73

SHA256
bab3f0b4b5ed1ac61b2478a5f7047ed47451d8a3c334aa2d6d03d7eed65d595e

SHA512
a7a8e6e9fa415230dbe3e562aa221143a20a7a4b991eaba7078b8895b298d99c4cd9b916ec21f7be6d844d53e32e3f0497efcd588bd0e5a5db93e7828a9c3074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
da7e702637ef08dba58a6769813f5831

SHA1
22ecddcfcdd6092a54545fca2b15f0f4f8d0f119

SHA256
fd6f47f7d0a07ca1b1e6309d3651cd3ee9bf246b34b0a42a23d9331632450187

SHA512
a3fb1f18486c09e1d24d5bd9b2340b6f9511e03e7350b9b8302b6aef8cb85992496079eb6ea149955985051b53706cb90e03393a08a37a88835c1a0feeb34074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a6623987-e312-4797-a3a6-dd53b44ea369.tmp
Filesize
2KB

MD5
285963a417d993b562014960b43b7b87

SHA1
9dbc7ea0ba554bb7bab6fa6d93fedadb2e4a0e20

SHA256
eee753fc9859cd31f3e73342e782a4a8a21a5a98791551894634bb35dbd48a6d

SHA512
26d3428e1736b4bb2035b68f265930a26df3075b2aab7dc0b119c7aca4674e5c7d4a7f8172a0b231590ef653aa5406e20a938ed970a347d20e9175ae7b7da17f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
103dfd5a4e207508d2359d9f4f0868be

SHA1
52ce30664ddabaa140b9be090dd9cac114a2e616

SHA256
efb53c199b07bea6df38a64b59ab9611481a4a9758eff6bb8de85131612932cf

SHA512
69d88d7780649123c8de7f4e7d37d4e9c39973ecb4a6cfd0f75aa4f2e8eca7ba64fa5ef416a2b18076b743ed88c171822d83c91fe72c330f2ee1fc8bcb941c3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
bb3aaa67e43ca8bfc8f217a1d1ed94af

SHA1
1462dbdd1fe24ee967a08c2292e34f51f756c420

SHA256
eb4b27011953d1e90ab65273c796c17ba9fabd4b20eda8b909380cf516909e75

SHA512
8f8ffd970106df5005dd5758bb83309d1a63a1110c3ed1f94fef539ab382ac52c0664612ccc38d36e71ac09230137dc21feeb81b14ff3043d3061fb94f66947c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
de979ad2b19ab0c61da2955c3ef4ca76

SHA1
5c4c0330903ef8fd2e5ca00c57fa13fc1f4d258b

SHA256
44c5a6cbf9788d3dfd2b7a5c53b5fce50139b294f766257698610ff7268892c3

SHA512
82f380556768821dc4f7d59966081c8de4c6e7006021cccb0f38c06896350648a0e20e65605b564b51001c4da042276147bbfb410eb7a25e5207f303a931b049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2492_YXMAANSQHQVOSXID
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit